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W.^T.1%. 313(31) — wm, TJ4? IT #u)Pl<£l 3Tf$Pl4<H 2000 (2000 44 21) # 
tfRT 4347 #7 4fecT STHT 87 jqtTRT (2) #7 (uRsT) £RT 44 SRfaf 47Ft ^T, 

fa^-lfcSftsId 4?TTcfr 3T*fcT :~ 


1. strt attr sntK- (i) ^ P«h«h1 44 dfgfrr ?rm yt^Pl<£i (^^ ftstt s44?tt 

3ftr yf^4IU cRTT cilf^RTd 3T£T Z4 ^JtJdT) f^RW, 2011 £l 


(2) £ IMM'4 # ^7 WSRT # dTte ft tfctW fWl 

2. ^wrw-(i) f^zwt tf, ttrt H47 Bcr# ft 3^=424 3rtfsf?r ^ 

(47) “adtJfsRjrr' £ Mkilfficft 31^p|^d ( 2000 (2000 44 21) 3Tf3T^cT 

(1?) ^ fRfr Wl<frf^l 3TfMcT £ 74f 3l1?lyd!U|H #7 y4Vdd1 37 feRT $7 

f^RTR”, “3TR4 44 ^fcTT 3iiT “*3^ #7 “TO #7 44 3WR' 3frr 

“3RW1T, FRT4 ^rfrr # 44 TO cTcfr £ 3ftr 47Ffr $; 

(?T) “ P l dffid PI444T £ 3lf^RW # tTTCT 4347 #7 FT^R^T #7 ^ (i) #324 nftiHifad 

PRTftd 9\<bU\ %; 

0 ) 
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(R) “TIT^R ErgaTaft” TITfSF aRSTT % Ml t 7Jl arretted yfMa 

arf^rrr f at ftf mt t m afpre aa it Mr ara mm Mt m atM^ra Mt t, 

aMia 3TRtMH TT^TF M 3T 3T MaT ^T M # TOT, TRRT #T 

C c\ 

2TT 3Fsk < JT ^TT 51TT, ^jTioll ft f^ldT yift}cf>R afkfcta ^ ioTCT ^Rtt cji'-'McR aTTma cfTT 
5m$\l\ <aM J3TT f; 

( 5 ) “srer tt arktMa # urt 2 # aamr (1) £ ^ (^r) 4 *mr <MrM srer arMa 

& 

(a) ‘a^iar £ arfkMa *£t tna 2 *£r rana (1) % ^ (^e) 4 aar qftarM atRT 
3rflM 

(**) “m-sracfr 1 $ 3Tfttf?RW M 2 # 3^JTET (1) t? Q? (?) # ^ >MlM TOM 
3Ef^TFT f; " 

(3r) u yiaa<§” k Mr atf aa ?i«g arygaraararaTaagRTaa Mtt, ar rraMaa ar 

■J *N O O 

fltMSTa 3TMcT £ MR Mft MiK gRT Mt ?JxiaT Hg7 vMl ar 

^erfR foK* f^RTT olldl (t; 

(?r) “cqteicT ^^rar k Mr a?rt ^rt arMa £, at Mfr y^r ^rfrF ^ trM f at ^t 
at yrrar mt k anrar aFTcasr tr it Mr 3R ayam axiar ar Mt ^rar #r, tM£ 

Mr ftaM Mrt ^t aram fkr # aaraar fr, am #3R 4 M cafrF # Timra 
ror st aa?t fri 

(2) arazr aatt ^RTrE atk qgf sr, at fa Mat k yMM aft f fer 

si o 

arft^Ma MarMr f, gar^r; gft 3 f^ fRrr 3ft arttrMa 3t aa^r fi 

3. a^a?tm cafrRR 5Tgr ar ^rar.- Mt cafrp % afe^tra ote ar ^rar Tt Mr 
catrRTa aaar aMa %, tSM Mal^rt^a it mxm atafe f, - 

(i) W^t; 

(ii) fMfcr ^aar ^r t^r anar m ^ ar rt 3Ra agra te % ?Rtt; 

(iii) atM, ?Rtr Mna 3fR aia1%^ # Ml^r; 

(iv) otf^l<+i ^na; 

(v) MRaM atfltte 3ttr flcrgm: 

(vi) ^Ci^ctl arjat; 

(vii) iMrb ^t #r aim ft M ^rf ^tt, at ^r jyam ^ra^r ^ fM Mt MM 
Mrt saastr trtt M f; atk 

(viii) MM Mra gm M aM % amta rt arasta Mrarft, wr ar 

yrnmmT <t> fkv 3 m ^ rt> 'Erfr ^ amta yia <+>tf a^ai: 
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[W1 fi— hO] WT5T : ddmKd 3 

CRH Cntlr ^IHT, 3TTdlftt ft 3qd&d ft dT to to ft qjd % 3Pftd ft dT f^ft 

?jx4Hr wr 3rtor? arfatod, 2005 dT dcddd toft 3 R=d tor ftr 3 rto y^r tod 
ddr ft, qt topft % h^Vtiti! ftr to ftft^lto cdtoTd srer dT ^iht dftr dd?rr 

i;WI 

4. fajjfftd told &RT » # *ftq-ftdc?T 3ft? SRRH % to fttfft qq 3 qd*r tod 3!7HT.- (1) 
toito tonr dr to 3ftft cto aft toifftd toTd 3ft ark ft dddr 3 hh^t qto to toftr 
#T dd<tfl qft TOTT. w ^TdT ft, 3ft tet ft T-0HT ft, 3ddT ftSTdd qRHT ^ 

Chl4c||^r dT MS'([ l-dd ft, cdtolH ddHT, f5m% 3T?T3iH ft3<Wte c<yftolcl 3TCT dT SfddT 

ftr ft, % nqnarrd dr ?d qr qytofti qpft #> to iff fttqftkr ^tt^r ^r 3 cm qto atk d?r 

dfftfto qftdT % ^ dddT M dddT BdcTstr qpft to cdtol gTd, rSkfllft toft toto 
ftfto #T atfftd to ax7d7 3CT<4^r qdTft ft, ftto % to 3qN^J ftl to sftlft qft fftdfftd 
fted nr 3d#ft to ft toft 6 Tn tolftd fted ^r ten^ qr qqqfto torn diwn to 
3dft todtoto ftr to 3ddtr ftkTT-- 

(i) jdft. c2mfkr to ftteft qq ftf to 3TTdrftt ft q*pftd ftt dto mdr q*id; 

(ii) fftdd 3 ^ 3^4td TMftftd cdtold dT dtorto cdfcBdd 3TCT dT dddT #ft f^RT; 

(iii) dd^r ^y t y^dd 3tk dddT 3TT 3ddtd; 

(iv) tod b ^ d?d 3qdto dteRjtd tdtor srar dr dddr df^d dddT ^r y-^dd; 

( V ) tod 8 $ 3P?Fd ddr 3CRto dto^rr mit q^tor atk qtoTdi 


5. Tjtddr ^r <kr^r - (i) toto told dr f^to ^ 3P=d sdf^ tr# ^jddT % 
dd^ir $ 3dto £ qdto #r ddd ^ a3e;'dtfkr tdtor srcr dr ^tt qs^dr k qd dT 
ter dr f-kd # ditdH ^r fkl^d ^ d^rkr wr tern 

(2) P r d f dd toid dT ?d#r torw 3^d cdt^ dte^fkr ^dlte sr^r dT 

dddr kd^td d^t qkdr dlcr - 
<\ 

(qr) dd^r toto tord dr toto toft 3P=d ^dfftr ftr ^?d dr dtoftkr 

ft ftdtor tfttoft qdto % to ftdfrd d^r # dT ft; aftr 
*\ 

(^) ftfer^ftd ftdtor srt dr ^ddT qq a-u^i 3 d qdtor ftr to - 3 rra^dd^ dftt 

dH^rli dTdT ft I 

(3) ddto cdlftr ft fttft dddr ftdFT qpft ddd ( tofftd todd dT fdftr kftftd 
q^Tft 3fRT cdfftr ftft q^dr 3srr7dr ftt 3d qktotot ft to=dfftfto dtfttor ddft ^ 
to dtomr ftt- 

o o 

(qr) ftdtor cdlftr qft fd ?Pd # did+ift ft for dddr ftdftfd ^r ht Tftr ft; 

(^j) ftdtor cdtftr qft 3d qdkrd # didqqft ft torftr tor dddT ddfttd ^r ht 

^ ft; 
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(a) 3<!lfrP ft 3TT?TPd yTH^rfr ftt vM I <H «+>l Tl $; 3tP 

(IT) c2drfT ftt- 

(i) 3TT 3rflftFFa ft 5TT3=r 3ftT P ftt aTFElft £ at cpT ftjj^uj ^ 

$; 3lft 

(ii) 3TT ft aTF 3tfr P ftT dM+lft £ at yptilftd Par| 

{A) 5TCT aT ^j^RT F3ft ^TcTT P^lPd - Pftia aT i^ft PPd fttf 

3i<r<T cafft FcRT ftt 3TT yafraST. fftaft t^Txr fftPq&b Sata ftT aT aftftt aT 

doHda y^cT fftFT 3 TFU fftft ft 3afta 3T5=a*n’ artf^T, ft ana yfcltllftd 

n£r Pan 

(5) dJj^d *jaaT tf yftan ft Pa qata ftr an^fr Paft f? ^ ftaftfa ftt a£ 

$i 

(6) PaPa P*fTa aT ?Fft PPd fttf 3^ ^afft ^.TT 4 aft, aa 3Fft 
ski 3 mfta iftar am, 3F aanT ft ydf^dHd ftt 3TF7TT ftnr '5? ^ y^m ftr dt 

o n o o 

3 p Tri^rf^rPT PaT fft ftrf tafftar aaar aT ftpnftP ftaP^ u ; tw aaa ar 

O T f\ 

3 mafft ym arft m aamrta Star at ftsitPcr ftr aroftt: 

Pd v - '' 1% PaPcT Pana c«4irh^icl d^df ar tTpoTSlP SIC1 aT d^ldF Vidldl 
5R Odl M^!Wc' Pt«M^ aT PaPcT P«Eia ftt 3tlT ft #>lft 4K°~I cjid fftdt jlo-a cafft 
5RT 3TFTf^ ftT af ^JxTSTT ftr yidlP=bdl ft Pa iriWUfl 5# ftaii 

(7) pJ|Pd f^r^TRT aT, Jdftt 3p ft c-ilfrf* ^ilfrbc^ sidT ^IT d^dl, 

3i?RtrT Sitffap 5RT 8ft % TT^ET ^ R# F^TT y^TdT 

^>t yc^w ^|<T|T c?F k ,c t>^ f^TT ai^ ciif^id 5T2T FT d^u-ii yct<ri F F^t) 

dxTFr y^JcTT ^t t^Ffr 3ft FSFT ft^T3lt ^T am ptft W am^IT pdil^d P+Tif ^t 
qt ^ as 3rrdt Fimtrr grre 3ft ffrm fffPt <rr ^rt srmr i^raT 

N ’ 

amr PaPra P^eif -ft Pf^a ft fta Emr anTari ysja ^P gp ^mT wdT ^ ^ 
ft 3Ffftt dgaP . grcRT ftft ^r ^rr ft, PftPa Pw P ftft ftf ^rr ft^nr a 
ctvp qq fc[q , ic v M la aft' P^r 5a> ?rsar aiftt dti 


(8) PaPri Pm>^ 3F#V 3ilT ft P^F 8 ft F^TT ohsTSTcT 3r fFfTR 

^qar P Trftlia '<7Pn 

(9) Pft ftT P* 4 ^rfl^qg" tip ft ^q<HI ft? uftT^FT ft>' ftft^ ft 3Tqft d^di yc;irii 
p f^t Pdftiftfti 3 fR f^rqftr ar aaram Pan pr yfttaa ftr Ptj, Paffta Pqya 



Hi’ i 


' ii ' ’+«*<»*«il!'iii hi <■ 


'IIIMIty • 



[yPT II—3(i)] -TOT WT Tnsm : 

to tewn arterfr TO Pfte r w^tt afrr 3rq^fr a*uti$d yr jtot w hw tette 
TOTtet wteiT I P+Wd' artetel ^^^dli^ch TO dTO TOT tet otP Htfr@r £ 
to ffjTT <fc totw tow #r tewdl -^nfflitiR stem 

N 

6 ^crw q.r tosst - (1) teite' P*w tot ftetfr ctert wr wt 

tot m TOtw\te tocot 4t te 3*r tow y^ 3 tow artect £ tete fttete test w 

teft ^tJoiT <?T j? Plonk' cT*T 4> .^i« r P d lPd P^W ate TWW Mc^ldl ^ 41^1 TO -3«h r -i • 

?tftea $ ^ro P |t w ;;f oT tosh tefr Pte wfww wr 3Twnwr *ter 3t f^rv* 
aTTcrSTO t\ 

q^ ^TtRT ^TOT TOW # ^tet 3TPTOT ftet ter, y?oTW % TOTOW ^ TOTtet 

3t te, w Party, q^T totP atewr teter w^ar tow 3fr £, artetet ate arrortfr ^ 
2^ ^ Ptr terfrlTO 3TO W *}TO ^cT TOJW 3?te?TF TOte % Pp7 ter ^ 3rtfct 

arrwfter iR^Fift artewfi #r w?r irti ttrorfr artewr tefr ?ww # te toP #r 
TOTtet wr fto: 3ctey wp ip ttetster tetter bt^t w Tte ste Pytet Pww 
P Piter # 3tetr stem ?rwtet atfitew vw 3fr tow wteTt P tot yror arPw tww 

•O T 

ycKjfild <H^1 ^T vJilk’ d fl W teft 3T5W cWlrb te 3TdT|i 'jiik , < , fi | 

(2) 3^ tew (i) a^dte tefr ^ p, ^ qrto^te stct ^rr ^,dr 

rfr^RRT y^T ter ^ 3ite tefr 3n^r srt teft 2jter qsror dfr rw^ti 

(3) tetter tevRt ^t 3Tr^t attr # ^ cq% d4cid?te stct stt ^tto qtr 

y^FTtet dfr qstati 

(4) 3R ftew (i) arte tertet tew ^rr 3^t ate ^ teft wf^r ^r ^te^ter 
3<tRh^ artch^ 3R -{jxjoii ^>t wh qrrte ^Tott cjctet qsa^rr 37 wrr ater y«hc<H ?r^t qtem 

(7) qrr ate^t - tertet tew w 3dte ate ^ wlte m?t ^ ^tt ftertr 

a^w ter # ar^teid tefr arsw tertet tew ^rr tterft cte te fterfr qtro tetet ^tet^tet 
terfrFqt gist qt ^poii qrr ar^-d^i 4R artert art te - ^rct testw % ^tTT te dPf^vt <tKm R 
fter^r tete % atttet 3yratet fter w awmr tetter tew grtr tow ten anw =r; 
^TfT 3 rdt°T 4wc*r rtet awatTcT f^wt aTTtRTT aw ^ tertet P^w ^rt 3 ^frte ate ^ f^R% <wfrit 

3te tow w ar?t ter cwte ^ tot arswrw 4t te B^rte ^ te #r tester 

dfterr te^ytEW 4i te arw^^iqi ^ti 


8. ^rett y^tete 3te tew - (i) tef Pwdrt tew w oyt4y 3te £ itetfr oWte 

yr, 3te tot tero tosw q^rterf 3te tewart wr arwrow wt ter ^ TOn?r fr ftenr 
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farzrr dWNll 1 5^^ IRft 3tfr TfRcfit ^RlV^cT 3R t Tftr 'Jd% 4Rr 

xm 5*inre» Tcnf^rT ?TT^f ^fsf3TT 45Eta*T 3fa 3££RT 3TOTT dlft-ui' £ WEftR, 

TTf^^TrJT'E 3*fr TOTT ^T^FT aTTTT ^ ^ TTOR # W^fcl % TfT^T cRi^fcT # 

'vRRT 3 i l f£ci<tft ^ 3R*R f\ IT TITSTT &RT # OT tf, PNlf^TcT RT 3^1 3ftr £ 

f^fr c3Tf^ $, ^§ft Mr % 3Hfc?T 3Tf£raRRT 5RT ^HT ^ # 3E*W ^ OTJ, % 

3TH^f Vlp^d 3E£RT ^R23T 3ftr ^fd^t % 3RRTTC 54R(t 

^r » i ^Pcid fan $ # 3RT£tt 


(2) “}RRTT u1<U)R l <ft qr. 3TTfv?T/3Il^RT3ft/3TTff}fr 27001 317#^ HT^ tfRRT cWwfl#>- 
}RRT ^TT WT ^TTc?T-3T^rT^' ^ ^TT ?TR33 $ 3ft 3T t^W ( 1 ) # %\ 


(3) Mt ftft W SRT 3RH7 Tpr fftRft 3^T 3RRT RT 3ft^HE3, f^RT% ^RT 3R fftzR (2) 
* 3w?n^sier mm 3?rt q^qt #r 3frtw/3iT^3ft/3n^ ^ ft- fUs* ^ ssTjRur 
^ ?, 3Rftt 37RT ^ £ snmrfr ^ f^r? fcstffe, ^TR 

^ T IW^rT: 3-T«H«MlTc;<r1 3ftl 3tf?RjRc1 Eratd<H qRsftcT qR: qTR 


(4) i^Pii^lrf Q<+>!4 RT 333# 3ftl ft" #f cRfft>, fftRlft - 3R IftRRT i3) #7 3T^fc? RSIT TR'fttf^TT 

o 

3ftl 3lf^RTpId RT cfr 311 -H /3f 11 U'^H 3ta 127001 3W ^ RT gR.T vR^TT F^tJt 3rW 

4t c^i^Pcfrl f^RJT $ t g^RT ^TfrERrTT BTffT 3^T qllfRfia# 3RRHRT 

toT ?T3T ^RTfTT oITXRTT RRR tRTT ^T 3dR #T ^ #RcfcT RsFER 

^J-^Jchd; 3 R<hM^c1 T^cTT ^3T qflST^ 331?:^ ^ 3Tf^rTr^t gRT f^RTf^TcT 3TTRR tr ?TJHIfu)RT RT 
^RT f^TRT 7RTT ?tl ^frh^rE ^3T 3lk 4%RT3lt # TR^tSIT ^ 4333 

3R # oiK'jft RT 3IR T^iT f^rf^TcT f^^hl4 RT 3'^eft 3#f 3R^T qfojj l 3|R 

^i^-jttRT 4r 3Vc*)’isToll^ 3WRI<ri 3IR^T ^RrTT ^ I 


[R7T. R. 11(3 )/201! -Tfh^r^:;j 
RT. ifa 3lVl<, W^eKI Rfd<3 


*IH I II i H4MHf I 


i| . i*itt iituwm , IM m 
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MINISTRY OF COMMUNICATIONS AND INFORMATION TECHNOLOGY 
(Department of Information Technology) 

NOTIFICATION 

New Delhi, the 11th April, 2011 


G.3.R. 313(E). — | n exercise of the powers conferred by clause (ob) of sub¬ 
section (2) of section 87 read with section 43A of the Information Technology Act, 
2C0C (21 of 2000), the Central Government hereby makes the following rules, 

name'y.- - 


** Short title and commencement.— (1) These rules may be called the Information 
Technology (Reasonable security practices and procedures and sensitive personal 
data ur information) Rules, 2011. 

(?) They shall come into force on the date of their publication in the Official 
Gazette 

2. Definitions — (1) In these rules, unless the context otherwise requires,- 

(a) “AcT means the Information Technology Act, 2000 (21 of 2000); 

(b) ‘Biometrics” means the technologies that measure and analyse human body 
characteristics, such as ‘fingerprints’, ‘eye retinas and irises’, ‘voice patterns’, 
facial patterns', ‘hand measurements’ and ‘DNA’ for authentication 
purposes; 

(c) “Body corporate” means the body corporate as defined in clause (i) of 
’ explanation to section 43A of the Act; 

(4) “Cyber incidents’' means any real or suspected adverse event in relation to 
cyber security that violates an explicitly or implicitly applicable security policy 
resulting in unauthorised access, denial of service or disruption, 
unauthorised use of a computer resource for processing or storage of 
information or changes to data, information without authorisation; 

(e) “Data” means data as defined in clause (o) of sub-section (1) of section 2 of 
the Act; 

(f) “Information” means information as defined in clause (v) of sub-section (1) of 
section 2 of the Act; 

(g) “Intermediary” means an intermediary as defined in clause (w) of sub-section 
(1) of section 2 of the Act; 
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(h) “Password” means a secret word or phrase or code or passphrase or secret 
key, or encryption or decryption keys that one uses to gain admittance or 
access to information; 

(i) “Personal information” means any information that relates to a natural 
person, which, either directly or indirectly, in combination with other 
information available or likely to be available with a body corporate, is 
capable of identifying such person. 

(2) All other words and expressions used and not defined in these rules but defined 
in the Act shall have the meanings respectively assigned to them in the Act. 

3. Sensitive personal data or information. — Sensitive personal data or 
information of a person means such personal information which consists of 
information relating to;— 

(i) password; 

(ii) financial information such as Bank account or credit card or debit card 
or other payment instrument details ; 

(iii) physical, physiological and mental health condition; 

(iv) sexual orientation; 

(v) medical records and history; 

(vi) Biometric information; 

(vii) any detail relating to the above clauses as provided to body corporate 
for providing service; and 

(viii) any of the information received under above clauses by body corporate 
for processing, stored or processed under lawful contract or otherwise: 

provided that, any information that .is freely available or accessible in public 
domain or furnished under the Right to Information Act, 2005 or any other law for the 
time being in force shall not be regarded as sensitive personal data or information for 
the purposes of these rules. 

4. Body corporate to provide policy for privacy and disclosure of 
information. — (1) The body corporate or any person who on behalf of body 
corporate collects, receives, possess, stores, deals or handle information of provider 
of information, shall provide a privacy policy for handling of or dealing in personal 
information including sensitive personal data or information and ensure that the 
same are available for view by such providers of information who has provided such 
information under lawful contract. Such policy shall be published on website of body 
corporate or any person on its behalf and shall provide for— 

(i) clear and easily accessible statements of its practices and policies; 

(ii) type of personal or sensitive personal data or information collected under rule 

3 ; 
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(iii) purpose of collection and usage of such information; 

(iv) disclosure of information including sensitive personal data or information as 
provided in rule 6; 

(v) reasonable security practices and procedures as provided under rule 8. 

5. Collection of information. — (1) Body corporate or any person on its behalf shall 
obtain consent in writing through letter or fax or email from the provider of the 
sensitive personal data or information regarding purpose of usage before collection 
of such information. 

(2) Body corporate or any person on its behalf shall not collect sensitive 
personal data or information unless — 

(a) the information is collected for a lawful purpose connected with a function 
or activity of the body corporate or any person on its behalf; and 

(b) the collection of the sensitive personal data or information is considered 
necessary for that purpose. 

(3) While collecting information directly from the person concerned, the body 
corporate or any person on its behalf shall take such steps as are, in the 
circumstances, reasonable to ensure that the person concerned is having the 
knowledge of — 

(a) the fact that the information is being collected; 

(b) the purpose for which the information is being collected; 

(c) the intended recipients of the information; and 

(d) the name and address of — 

(i) the agency that is collecting the information; and 

(ii) the agency that will retain the information. 

(4) Body corporate or any person on its behalf holding sensitive personal 
data or information shall not retain that information for longer than is required for the 
purposes for which the information may lawfully be used or is otherwise required 
under any other law for the time being in force.. 

(5) The information collected shall be used for the purpose for which it has 
been collected. 

(6) Body corporate or any person on its behalf shall permit the providers of 
information, as and when requested by them, to review the information they had 
provided and ensure that any personal information or sensitive personal data or 
information found to be inaccurate or deficient shall be corrected or amended as 
feasible: 

provided that a body corporate shall not be responsible for the authenticity 
of the personal information or sensitive personal data or information supplied by 
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the provider of information to such body corporate or any other person acting on 
behalf of such body corporate. 

(7) Body corporate or any person on its behalf shall, prior to the collection of 
information including sensitive personal data or information, provide an option to the 
provider of the information to not to provide the data or information sought to be 
collected. The provider of information shall, at any time while availing the services or 
otherwise; also have an option to withdraw its consent given earlier to the body 
corporate. Such withdrawal of the consent shall be sent in writing to the body 
corporate. In the case cf provider of information not providing or later on withdrawing 
his consent, the body corporate shall have the option not to provide goods or 
services for which the said information was sought. 

(8) Body corporate or any person on its behalf shall keep the information 
secure as provided in rule 8. 

(9) Body corporate shall address any discrepancies and grievances of their 
provider of the information with respect to processing of information in a time bound 
manner. For this purpose, the body corporate shall designate a Grievance Officer 
and publish his name and contact details on its website. The Grievance Officer shall 
redress the grievances of provider of information expeditiously but within one month 
from the date of receipt of grievance. 

6. Disclosure of information. — (1) Disclosure of sensitive personal data or 
information by body corporate to any third party shall require prior permission from 
the provider of such information, who has provided such information under lawful 
contract or otherwise, unless such disclosure has been agreed to in the contract 
between the body corporate and provider of information, or where the disclosure is 
necessary for compliance of a legal obligation: 

Provided that the information shall be shared, without obtaining prior consent 
from provider of information, with Government agencies mandated under the law to 
obtain information including sensitive personal data or information for the purpose of 
verification of identity, or for prevention, detection, investigation including cyber 
incidents, prosecution, and punishment of offences. The Government agency shall 
send a request in writing to the body corporate possessing the sensitive personal 
data or information stating clearly the purpose of seeking such information. The 
Government agency shall also state that the information so obtained shall not be 
published or shared with any other person. 

(2) Notwithstanding anything contained in sub-rule (1), any sensitive personal 
data or Information shall be disclosed to any third party by an order under the law for 
the time being in force. 


1330 GI/11—2B 





[*?PT II-¥^ 3(i)] 


W TFSPT? : JMW 


11 


(3) The body corporate or any person on its behalf shall not publish the 
sensitive personal data or information. 

(4) The third party receiving the sensitive personal data or information from 
body corporate or any person on its behalf under sub-rule (1) shall not disclose it 
further. 

7. Transfer of information.-A body corporate or any person on its behalf may 
transfer sensitive personal data or information including any information, to any other 
body corporate or a person in India, or located in any other country, that ensures the 
same level of data protection that is adhered to by the body corporate as provided 
for under these Rules. The transfer may be allowed only if it is necessary for the 
performance of the lawful contract between the body corporate or any person on its 
behalf and provider of information or where such person has consented to data 
transfer. 

8. Reasonable Security Practices and Procedures. — (1) A body corporate or a 
person on its behalf shall be considered to have complied with reasonable security 
practices and procedures, if they have implemented such security practices and 
standards and have a comprehensive documented information security programme 
and information security policies that contain managerial, technical, operational and 
physical security control measures that are'commensurate with the information 
assets being protected with the nature of business. In the event of an information 
security breach, the body corporate or a person on its behalf shall be required to 
demonstrate, as and when called upon to do so by the agency mandated under the 
iaw, that Tiey have implemented security control measures as per their documented 
information security programme and information security policies. 

(2) The international Standard IS/ISO/IEC 27001 on “Information Technology - 
Security Techniques - Information Security Management System - Requirements” is 
one such standard referred to in sub-rule (1). 

(3) Any industry association or an entity formed by such an association, whose 
members are self-regulating by following other than IS/ISO/IEC codes of best 
practices for data protection as per sub-rule(l), shall get its codes of best practices 
duly approved and notified by the Central Government for effective implementation. 

(4) The body corporate or a person on its behaif who have implemented either 
IS/ISO/IEC 27001 standard or the codes of best practices for data protection as 
approved and notified under sub-rule (3) shall be deemed to have complied with 
reasonable security practices and procedures provided that such standard or the 
codes of best practices have been certified or audited on a regular basis by entities 
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through independent auditor, duly approved by the Contral Government. The audit of 
reasonable security practices and procedures shall be carried cut bv an auditor at 
least once a year or as and when the body corporate or a person on its behalf 
undertake significant upgradation of its process and computer resource. 

[F. No. 11 ( 3 )/ 201 i-CL.rE] 
N. RAVI SHANKER, Jt. Secy. 

3Tf^RT 

11 2011 


3i4(3 T).—ttertt yWiPi4?t 2000 (2000 ^ i) trn 79 

#T 2FT-SJHT (2) mi TferT ?JRT 87 # TT-^TRT (2) ^ 1SS (TO) £T7T G2[rT "not 

TRct sRTcft 3Rfr?T 

1. mi 3ftr wsr - (i) TTfsTrr rpt ytdi #7 

t^rrf^r) IStro 2011 

(2) ^ Tranrr # rtYh? ffhYi 

2. qtorw - (i) f*T ht £ 3&mi\ ?r ^r, - 


$ trrt aTftTf^r^r. 2000 (2000 21 ) 3rf?to 

"fto ffar t tr 3jt1Wct {^r, ^pr, 

% 3th - TRTRT ■2JT fSW # T7^ 3TT 3Tf^^FT iRfr ^ faRT# 

m ^ f^cTTT T7 jq^fcrr & T3cT: #r- RT 

TFrftrr 3R ^nrrr t 3ft <*ftf 3 tft cu-di4d 3 tft m 

ffr trtht %\ 

"chJ-^dt OTW?r £ 3T^to<H # tlRT 2 #T 3R-&RT (1) % 73? (C) ^RIT 
TRTTtjar 3 I#T£r 

"TTT^R TRSTT ^nZTTT $ TR3TT #7 FTV # ^ TTTRr^F 2JT 

yfa*H TOTT Tffi^T £ 3ft FFT FT m 3TFTF FT $ RTSTT ^tf?T TT 3Tfct37TT cr T 
cffTcft ^ fold'll aryiftt^rT 3 tT oT f^tcToTT <^T <ft ^RJT, 

TrerSTT % OTFfRW ^TT 3TgTT°T 2JT 5RT ^ t^TT yiltJ^TT % M^q^c 7 #T fcTT 

fs 

cfTF^clT TTFltR ^T aryTf^cT iM^YaT TrfYcT g3TT 

"5TST TT 3tHJ1^TO # ?JHT 2 TT-^RT (1) ^ 133 (*T) # SRT 

3TrlT^Ff S ; 

^TnrsTT' ^ 3if^3w # etrt 2 # TT-tnrr (1) ^ ^ (to) ^ ^tir 

qtoTf^H $«}<*£TRte»‘ ^TcTrarr arfMcr t', 
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(*5) "3TR^tR WT aUMIdf^Rlk qcRfR SR 4 ’ £ 3*1kktRR RRT 70 *T # 3q-RRT 

(i> : ^ atfftR Qr+r m^tR qr<*--u|a aiimdR'Rfcr q?^pr sh artier 
(r) 'Rjrrt k arkrktRR rrt 2 *£r 3q-?q<r (1) ^ # rrt qkanftcf 

3tftktH 

(50 $ ar^RRr £r rrt 2 # arq-RRT (i) ^ («r) # rrt q ^nf^H 

Rtqjg^f 3TfS}$R 

(^o "iM^Wdi" t qftf cRT^t arfiklH $ 3ft RtTrarff ^ Mt chj-une^ qq gRkr 

f\ 

^rt qft ?ks qR^r, gqTrf^R qTkt, qfe^r, kcRq^R qR^-, g^rfSkr qR^ rt 3 rckte 

RT ^7 ktR qRHT ^¥3^ TJZF&tf ^RHT ^ 3ft? fR# 3RR cRf^R §ft f 

Rt RRqcT RR k f^Rft RT$sR %$7 # WR RRTtjkt qq 3qqk[ q7*k f RT Tjq^R 
qR^ 

(2) w R3fr rrtf ?r^t 3fk q^t qq 3ft ?r f^rkf # qf^ ^ii^d R^t £ f^RR arktktRR # 
qftRTf^rT %, qRRT: q£t 3rk ^tRT 3ft 3Tf^Pl^«M ^ 3Rqq ^| 

3. R^zracft SRT aiRqfRR $T ktR WW<b q>ftkddl - RtRq?ft arq^ qT^cRt qq kr%R qRk 
JR f^RRfetfef 3 R-^<f qrf^odT qq 3i<HMldd qkRT, 3RtfcT :- 

(1) RtRg^f tefr cR^T iiRT R^RRcff ^ qqFCR^- ^RTtR# ^7 (jq#Fr RT q<qRr #7 

c\ 

fotR ktRkf 3tk fakTRkf, qqqHRT ?ftfcT 3tk iq'^qdl qRR qq qqq^RT qT^f 

(2) ^ f^RRT atk f^Rw, ktqtjR atk $v$ rt aq^Wdi qRR qR^rsq rhur# ^ 
jq^qaiaft qft RkTrr qrkt fa ^ ikfr f^Rfr rrrt qq fte, q?rf?kT, arq^k, 
jqidkd, qqqf^tcT, qkw, aiq^: rt qit ?rfr 3fr 1% - 

(q7) l^Rfr afk c^f^d t ^ afk qr aqktqRr qq qftf art^qqr Rfr 

%: 

(^)rrr]- ^q £iPi4iK4i, 6^\$<b, RTR^if^qq^, 3TofRq, qRfknfW, 

^IfeMkRT, aiMclWIccHq, 3R3T cRf^f7 # Uqi"ddl % fcHT 3TTqqRq7, HpTR^, RT 

qsrnfr, an?frq ^ ^r arrakr rRr, araRl^cr arqRRRRrar, tRRfrtjR rt qq k 

<\ 

^frqkJrf RT 3Rt sfdlcii ^a-| ^7 fkq RT 3RRRT RT^T oft ^t f^Rtt 3RR kfcl ^t 

t; 

(r) t^Rfr afr qqqq k aTRRfqft #7 Ikxr F^Rq» t: 

(R) f^Rft ssqqR kt^T, qfk^RTTf^tqTR RT 3RR Rtqf^qj arftJqTRt qq 37RqR®T 
qT^cfr 

( 5 ) dr'H^q q^r fWr f^kt qq arftgRRq qRRr $■, 

(r) tkr ^7 rr #7 f^qR ^ ^ikikt qft Rt^r ^?tt ^ rt r^rtirt ^ r M 
?RRTr qq kRR qRRT ^ ^ft R7RT ^T k ^iRnd RT RRqq^T RTtfr q^kt 
(157) for# 3RR cRkq qq qf^qtrr qRRf %■ 
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{30 M }fc^3T 3T3TF1 31 31T3 33^31 31 Vfam 3TcTTqT £ dt 

3i«M-'3c< TWT3oT chl^FlcHdT 3>t sTlf^cT 3Rin, <HS 3>4<A 31 Tt;f?lcT 3Rtrl 

f^rrr ftsn^r f^tr 33 f; 

(50 hret <£r T^oFcTr, 3-n33crr, tsu, man 3i tott, 33^fr 

31 ofcfT cZrcHPTT 3Rt STRcfT £ 31 fMt tfhOt .WT 37t 3R^ % 

foTxr 33RTTH1 £ 31 m 33 3TW?T 3RdT £ I 

(3) Tft33cft aH^4>'{ Mr ?UJ<H! 37T 31 333f§lcl ST^T 307IT 31 33T#7 3T^W 37l CHRIST 

5# 3^31, 3TP^ 9pFTOfir 33 333 d^T 3^31 3^ 3^Rm (2) # 33T qRtvJT 3^^ 

TRTdT 33 xRRT 31 jqlcRTT 3=T^t 3 tMT: 

f\ 

H<cd 3? f^7 ?T£33cff ^7 f^HrifcJl^sld 3>c3 (2) 3-T 32 .;|fcif^[^g iH'H'-H R 

o c ' ' o 

?jxraT 37t fOr 37733 , 33 TRT 3 3RRT, wqifcd 37731 31 stseri 37731 dfr #t£ rtcrT - 

(37) Mr 3T3=C3TCT WT £ E3H: fWr 3331 33 3R=3Rfl 31 31^333^ 3T 3Tf3ctff 

f\ c\ 

WT 3TT yuiTcfr #7 3RR^Tr RSTT ^ f^RT# 3T^R qit'TOT R 

*\ <N 

3R3 c F3-'-3cR TRTl^RT 3>t 71317 % folk 1 <HM4 TTTTcRT fo^33°l 33 io-lci^d HHctlbid 

(73") f^Rfr TOT3# gRT 71331, 3R1 31 7T3R W& % 37t Mt FRR„, OT 

3T 71317 7T3#r #7 3Tf3Mt gTT! Sll^pr c^F #T cjRdfa* YUR^lfl' A 33^ #7 tfMTd 
3lf^Pl3<H #7 3R3tfT ^ 3RRTR 3TT^r 3T T^RT ^7 3RRRW # ^TRT ; 

o o 

(4) JlO#, 3R^3<R yu||c¥l 3T 33^3 §4^lt>ef 3T 31 Wf?Rr # 3$ %, T33 

3TlR33tr 31#raET 3R^ 3T 3T f^Rfr yWT%FT 33T% gfRT fclR&d 4 31 0 

FTrRlIM |-^T OT ,C J#P 33^T3H (2) ^ 33M^d ^331 31Tdf^F dWchljl ^ RI3 3TT^ 3T 
36 3t ^ §Ml <*4 ch£ £FMT 3ttT 3T|T RT3 ?t Mt ?RRT ^ 333W 3T T3Rt ^ <T4 Ofr 
TRI3T 2f?T 3R^T 33 33^ 3^3T 3ft % 33^W (2) 3>T ic-dUd TRcft ^t 3Tc33T 

m~330f Mt TRRTT 3M Fl?3^ 3lflFc^at 3R^FT % MT3R# ^ f?Tj 313T W 90 f^T 
313ltr #T f^pr qiMlTd TlMn 

(5) TOT3# 3M3Ul 3Tt ^ 3pOT 3^31 3t33cfr #1 33=33T 3Tn33i‘ 31 U3M 31 333t3 

433 #7 f^TT 3ttl QQ3T fr, 333t33 3RR, U<+»ldd! sftfcT 33 3iddM!dd 3R^ TT m3”l0t 

qfr m:33cff #7 4>^3d4 Ml33t 37t V3'M 3R^ 31 333t3 3R^ 333trR3# #7 3T^37R 37t 

RJTTfi' 3>RT 33 3ltr 3iddM[cH<ri # 3^ d^dl 37t 33 SlItHK ?t3T I 

(6) 3?33rit 3ft?lPl3<H *P 3333t 33 31 dc3RT3 3^3 3R3 33 TRscfi ^ 3TT13T3 

3i^<*3l 

(7) Jjt:33af i^^M<53> 3lf^H 7R33fr 3Tf^3Rufr 37l HT?3T 3^11 3Fa1%^ 33 31 “^3^, 
jr^fU]- % fapr ^xj<HT 31 Mt FT^T3dT jndHT 3RT331 off l^tOWr 33^1 £RT 3T^ftaTd ?T 
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?trrt rt Mr h^mhi % r^rtrr ^ mrIrrI % f^nr rt ftorw, rrt rrt ■&, artow, 

atftotRR, R|$«R RTCTT # ETSRT attl RcRRR R^R toft tot ^ 3TtfT5T aTRRtft to ^ ft? 

to # 3R^rtr rt to# ftrft t(rrt rt Mr r^trrt # Rto rr r^W<h trf rr £ 

c^ftRT rrt $, RRftjTR % T?)y 3HcH®tr RTTRft orrMti 

(8) R^-Rtof rrrt yt<Ei)fft<£i (^^rb rtstt M<toi 3ftr Rton rrt Rtorto ci^to, 
?jtj?rr) toR 2011 # rrt fftto to pr<w htstt Rtotftr aftr RtoiT3ft rr aiRm^i Rtor 3to 
frTczrer tomto aftr 3tor aftrlto rrrt # trw #? to toh^ srtr Rton 

<\ *\ o j o 

(9) I^RR# RTfRT TTTSTT # UcMIlJ 3ik TTT^RT RT8TT # R£RT3ft ^T toto RRRT Rft 
STTCcfRT RiRC^jtT 3TTWlf^rf^ RcRcR ScT #7 TTTR RTtRTI 

(101 RtRtof o f ffl*rg ' *"< ' Rij-wjd* toMr # d^^cpf an^r qft TRTtor rt toiaito rt 
jrtrIth zrfm rt M toft fcR ftr RTtor r£? «tor torft r^r^t tom^r % tiir^r 

R^R 3# flW fM #T RRT9RT 3ft f^T 3TTfc gTTT ft'HI to tolT RTRT aTTCltor $ torft 

OTRT RTJR Mr to* #T MWVerfl' ?t: 

l Kot 3 R£ fftr RtRRcff RTRc^JCT TTTTIRoT 3ftT 3TTft aiclf5s TJR«TT <£>T ^^TT % RRiRTR 

ftr to y'NjIft'to RitiRt, rtt tow rr r^rt £, 3frrw rtt ttrktt £, towR rtt r^rt 

^ RT 3R^ p^d TOT %\ 

(11) m-zracft 3^^ t c fR 'l ^ ' RT f^fRTR 3lt?Mr ^T RTR 3ft? 3R^ RR^> #7 RTtT-RT?T 
3R to ^r sfr ^to?tR ^tor sttt 3Rtor rt 3rr ^frto Rt ftoR 3 ^ Rlrr^RR 
^ Mt ;5R%'^TR RRTtfR #7 uMr RT 3RRM ^ ^TRR 3R^ ^TTT 3MRetT RR 

^ct-^e-T RRTtlRt ^T RRl^TR 3TRR to ^ ^TRR ^ftl^R J3TT %, M ^Mr RT R^RRcff 
RTRtot 3RRtR #T 3TtoT f^RiTRclt R*t Rfe RRT R%| fttRHRR 3Tft[RiTfr f^fRHRRt R>T 

gf^TRW f^MRRR f^rtor ^r Rite £ ttr? rtr ^r araf^r ^ §fTRT r^tt i 


[RR. R. 11(3 )/2011 -RftrR^Rr!] 
RR. to RRR, R7JRR Rfto 
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NOTIFICATION 

New Delhi, the 11th April, 2011 


G.S.R. 314(E),— In exercise of the powers conferred by clause (zg) of sub¬ 
section (2) of section 87 read with sub-section (2) of section 79 of the Information 
Technology Act, 2000 (21 of 2000), the Central Government hereby makes the 
following rules, namely: — 

1. Short title and commencement.— (1) These rules may be called the Information 
Technology (Intermediaries guidelines) Rules, 2011. 

(2) They shall come into force on the date of their publication in the Official 
Gazette. 

2. Definitions.— (1) In these rules, unless the context otherwise requires,— 

(a) “Act” means the Information Technology Act, 2000 (21 of 2000); 

(b) “Communication link” means a connection between a hypertext or graphical 

element (button, drawing, image) and one or more such items in the same or 
different electronic document wherein upon clicking on a hyperlinked item, 
the user is automatically transferred to the other end of the hyperlink which 
could be another document or another website or graphical element. 

(c) “Computer resource” means computer resource as defined in clause (k) of 
sub-section (1) of section 2 of the Act; 

(d) “Cyber security incident” means any real or suspected adverse event in 
relation to cyber security that violates an explicitly or implicitly applicable 
security policy resulting in unauthorised access, denial of service or 
disruption, unauthorised use of a computer resource for processing or 
storage of information or changes to data, information without authorisation; 

(e) “Data” means data as defined in clause (o) of sub-section (1) of section 2 of 
the Act; 
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(f) "Electronic Signature" means electronic signature as defined in clause (te> of 
sub-section (1) of section 2 of the Act; 

(g) “Indian Computer Emergency Response Team” means the Indian Computer 
Emergency Response Team appointed under sub section (1) of section 
70(B) of the Act; 

(h) “Information” means information as defined in clause (v) of sub-section (1) of 
section 2 of the Act; 

(i) “Intermediary” means an intermediary as defined in clause (w) of sub-section 
(1) of section 2 of the Act; 

(j) “User” means any person who access or avail any computer resource o f 
intermediary for the purpose of hosting, publishing, sharing, transacting, 
displaying or uploading information or views and includes other persons 
jointly participating in using the computer resource of an intermediary. 

(2) Ail other words and expressions used and not defined in these rules but defined 
in the Act shall have the meanings respectively assigned to them in the Act. 

3. Due diligence to be observed by intermediary. — The intermediary shall 
observe following due diligence whije discharging his duties, namely : — 

(1) The intermediary shall publish the rules and regulations, privacy policy 
and user agreement for access or usage of the intermediary’s computer 
resource by any person. 

(2) Such rules and regulations, terms, and conditions or user agreement shall 
inform the users of computer resource not to host, display, upload, modify, 
publish, transmit, update or share any information that — 

(a) belongs to another person and to which the user does not have any 
right to; 

(b) is grossly harmful, harassing, blasphemouSf defamatory, obscene, 
pornographic, paedophilic, libellous, invasive of another's privacy, 
hateful, or raci^ly, ethnically objectionable, disparaging, relating or 
encouraging money laundering or gambling, or otherwise unlawful in 
any manner whatever; 

(c) harm minors in any way; 

(d) infringes any patent, trademark, copyright or other proprietary rights; 

(e) violates any law for the time being in force; 

(f) deceives or misleads the addressee about the origin of such messages 
or communicates any information which is grossly offensive or 
menacing in nature; 

(g) impersonate another person; 
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(h) contains software viruses or any other computer code, files or 
programs designed to interrupt, destroy or limit the functionality of any 
computer resource; 

(i) threatens the unity, integrity, defence, security or sovereignty of India, 
friendly relations with foreign states, or or public order or causes 
incitement to the commission of any cognisable offence or prevents 
investigation of any offence or is insulting any other nation. 

(3) The intermediary shall not knowingly host or publish any information or shall 
not initiate the transmission, select the receiver of transmission, and select or 
modify the information contained in the transmission as specified in sub-rule 
( 2 ): 

provided that the following actions by an intermediary shall not amount 
to hosting, publishing, editing or storing of any such information as specified in 

sub-rum (2) — 

(a) temporary or transient or intermediate storage of information 
automatically within the computer resource as an intrinsic feature of such 
computer resource, involving no exercise of any human editorial control, 
for onward transmission or communication to another computer resource; 

(b) removal of access to any information, data or communication link by 
an intermediary after such information, data or communication link comes 
to the actual knowledge of a person authorised by the intermediary 
pursuant to any order or direction as per the provisions of the Act; 

(4) The intermediary, on whose computer system the information is stored or 
hosted or published, upon obtaining knowledge by itself or been brought to 
actual knowledge by an affected person in writing or through email signed with 
electronic signature about any such information as mentioned in sub-rule (2) 
above, shall act within thirty six hours and where applicable, work with user or 
owner of such information to disable such information that is in contravention 
of sub-rule (2). Further the intermediary shall preserve such information and 
associated records for at least ninety days for investigation purposes. 

(5) The Intermediary shall inform its users that in case of non-compliance with 
rules and regulations, user agreement and privacy policy for access or usage 
of intermediary computer resource, the Intermediary has the right to 
immediately terminate the access or usage rights of the users to the computer 
resource of Intermediary and remove non-compliant information.. 

(6) The intermediary shall strictly follow the provisions of the Act or any other 
laws for the time being in force. 

(7) When required by lawful order, the intermediary shali provide information or 
any such assistance to Government Agencies who are lawfully authorised for 
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investigative, protective, cybe?' security activity. The information or any such 
assistance shall be provided for the purpose of verification of identity, or for 
prevention, detection, investigation, prosecution, cyber security incidents and 
punishment of offences under any law for the time being in force, on a request 
in writing stating clearly the purpose of seekin such information or any such 
assistance. 

(8) The intermediary shall take all reasonable measures to secure its computer 
resource and Information contained therein following the reasonable security 
practice* and procedures as prescribed in the Information Technology 
(Reasonable security practices and procedures and sensitive personal 
Information) Rules, 2011. 

(9) The intermediary shall report cyber security incidents and also share cyber 
security incidents related information with the Indian Computer Emergency 
Response Team. 

(10) The intermediary shall not knowingly deploy or install or modify .he 
technical configuration of computer resource or become party to any such act 
which may change or has the potential to change the normal course of 
operation of the computer resource than what it is supposed to perform thereby 
circumventing any law for the time being in force: 

provided that the intermediary may develop, produce, distribute or 
empioy technological means for the sole purpose of performing the acts of 
securing the computer resource and information contained therein. 

(11) The intermediary snail publish on its website the name of the Grievance 
Officer and his contact details as well as mechanism by which users or any 
victim v who suffers as a result of access or usage of computer resource by any 
person in violation of rule 3 can notify their complaints against such access or 
usage of computer resource of the intermediary or other matters pertaining to 
the computer resources made available by it. The Grievance Officer shall 
redress the complaints within one month from the 'Me of receipt of compiaint. 


[F. No. 11 (3)/2011 -CLFE) 
N. RAVI SHANKER, Jt. Secy. 
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ATfaPTsHT 

•m-zracfr' 4 ,>mOf?RR <£r urn 2 # 33-tiRr (i) #r 73 ? («r) 4 w qteite 

A A-m d (it j-f RTvlcT 41 

■'z^R^-rot arffeTor 4 TRf^'o TRYTT £7TT arf44d f 3lY 

3 TAot RTETT % feHT FTf^TT 4r t4| 

"war <1^rra , ‘ 4 grre a-'tokr trtt^rT 4 eytif :#t krrNt #7 f4tr 

.3ER%d 4^fTr< 3]f44cf 4 

o 


lit.. 


It 1 .itipiHMUIHI III II 
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(3T) "yaWar ^ yd£ <*rfda afSTda I" at aryat aata yrrar ^ ^tt 3^f 

tT^RT ^TcTT t 3R cRfdrf 3fT f at aaRd" aa ^ fdRfr ai?sR drdr # 

yrytarea aaiyat yrr saatn yrat ^ ar yyrda yrat 

(2) m asfr a^mr srssfr 3ftr adt yrr at ?a f^amfr # afdaTfaa a^r £ fda=a ar ffi f ^r a # 
aftarfda $ &mj: afr 3 Rt ^rar at 3 a£ 3tr$1?RRT at jayrr It 

3. arf^r drdr qa <[5r^chw aard % fdftr arBtoRw - (i) wft ar^ar drdr yd aafda 
aryrrr srt yyr attt^a Tfdy£ryraa ^rfa^rcnr araar arflmw srt 3 RRaj Tf^ra^ryraa yrfcar 
dr aRi tfaaar f^rm aaarri tRr^irrr- dr a^a fat^yat at snfzto | • 

(1) 

(ii) 

(iii) 

(iv) 

(v) 

(vi) 

(vii) 

yr^RT , dr <Qj-f|cb<U! dr qw ^T^Rt^T 3ffl^RaT dr [daft arf^rfr 5RT 
yraafdyr P^tWR tdrar awi 

(2) ar?<r< drdr dr dr szfft arfstyvaa <£r d^aT^ ay 

yynfsTn Ptor aa^ti 

(3) affi d aaw aT^R drdr yd afia-ar^a tfrdaei yrat dr fdar afta-ai^a 
^QyflaRu i dd yf^ir yyrfdyr yryd yn aw yrtdr! 

(4) aafda yaw srt ^rfyafdd afiRfrya ^rt ^ar^RR # fdada 

yfdrRr yrr aidHicta yRar 3dctyRt ^tar P-dit dra^ta yayrR srt ^nrr fotaat dr 3fo-a^ta .aaa d 
2> 

arf^THf^RT fdrRT aRRTTi 
*\ 

4. sartor*# ReRTFr - (i) arfyy drdr idrtft yafaai yd .aaat ya^RR aaryat dr 
iaaVdT £r q^w yyffaa fdra fdarr saaRT aa7iTa aft yrtari aaata yrat yrr aa^Rr RRt 
^irt jq^y ~ di d^d 5 Rdi d~ a y^ra y^ydr araar q^aia aarfda yrtar f^ant an^ar dr am 
ga’i fa rTT # a^rra aaTtnaaa aa rd ?t adri ddr cRardat # f^aafdrf^a # ^ yrtf ?t adrat :- 


atawRT aa ara; 

aar afrr aadr dr ^dtd ?a^ sfr ^nf^ra 

gar dafdryr ai aRfrdnfr rt aara ayaryT^t ar aaai ar da^t 

f^Riaa # rntiar; 

a^w/&7T3frc v Ta/a^ar?-jrfr/td i (ii) rcr?T^- ^ ara; 

wm ^a^fd $ 3mar aff (aid ?t, fd qatt dr r P^y^R dr qra Tfdra^taraa 
afd' rt daad 3 rtot aasa qf^a^r dr ana # at^r); 3tk 

aifai drdr a ar^FT ^r aird arrft to yrr aarRi 


(i) fdaraa ai‘ srt aifr a^yra aR; ar 

(ii) fyr rt siarar ^rt artt addt dfe ant rt dfdu aad; rt 
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(iii) qrcntft; at 

(iv) ARTTRT HtfAM RA; AT 

(v) 3TTAAA 5lteFI 5RT ofRt TARfr cYt^T ASAT; AT 

(vi) PaWri at atat£ rYIofat sta Arft ^ qtrtirA at at 

(vii) Twf^cT aafr srt Ritr rtrr 3jsr5Tf^r; at 

(viii) akr totrt aetata stI^fra (RATfsTiTTf) srt rtSY 3ta?a A^ns ?r.5rt 

Cq?n$S)i 

(2) AI^OR Rq ATARI cRAT^t ATT ST^T^RT RAATARi SRT 3fa A!$AR # 

qiftj«'.r yfciftii^ SRT AflAAFR: qi%^H cRrll^ST #T AM ATR AT E#>TT yfR aY cKSlfto rR> 
rRrT! OR 3tf§ftfcg- AT ART £ ART w OR q>! JTci'ftt A> fRT 3AR*m t^TT ^TTU^TTi 

(3) jq-f^RRI (1) #T 30Y0 t f^RTT RAAfaRT SRT TAitAH A^AM 't RtRTRAci, 3RT4A 

m^3< a>Rt R jaa^a-ht aR a^atr tatIRtt arR ^ Trtt far# art arrjjcr at qf^frTR Or 

3rR AT qzftvT AR% f^JRT 30 TTYoTT! JAATART 3#T RTfAT ^ qrfnAJR qfRiRnT SRT 

W-ARkT VI Tffi^T <Ya %7Rt ^ AlTT SOT T^TST AT 3TPT f;OT tAR* AT f^AgTf^RT ARA 

& 3-T3TT^cT mi RT T#OTT| 

o 

(4) aY?T qfTCTRT At£ % TART tAaIT 3TAROT % ART qTf RATA iA-fdAR (1; A 30TTA 

TdVidH (AtY) 8fi £RHn^T ^ ATA AOA! 

(5) fcH$T 3 H •'i'!AdI ATA fAR?T cdfAd AT TTTiJAT R'T 3-Y y4?I R«s TTHTTIH 14>AI 

RTXOir -,-rq 3A-f^TAR (1) £ RTfOOJ gRRTclRt £ £ TOF ATW AR$T TO-OfT A^TART TAt1*YA 

ar 3i' at sflR artier ra-EIatt (2) 3^att ast 3nr?TiTi 

(6) AT^qT •Rq^^rcT qfr^A q^T d^ci fYqti q^ir A’fcT 'i^i-TtT 3qRiTHT T> 

A qlq-H^RH TT3F AT ERRT ^T| 

O 2> 

5. dRT tYATAE^ - (1) f5RRT 4 #> 3T-fdAA (1) ^ 3RTA7T t^Tfl 3WcF 3ilT 5A^> W±\ ftfRfr 
3TAA cAl^cT #T q^ATA A^TTffilrf ^ ^RtJTcT ATfAT Atn^flrr RT^qr TRA^HT ART ^ 
cirfqFrf ^TT 3T'4fSY?T TFrOATT ^ ROT T^TRT # AARcW TJAT qY 3TAltT ^ TeHT TTflYorf^fT 
3Th‘ 3ART TOTT^T rYat| 

(2) AT^AT RTA TfoTTcR % 3TFT-RT^T TTRiFT T^T 3TAT^FT TR RT^TTI ROT 

^R3R Yt TRY 3TTcrT-RT^R ATARW T^T i^r^CcM AT fRrfTSTT ^ RT^AA TT RTf^T^cT %AT 

AlVATl RTA tIoI’ESR TT y^iWclf % RRT A ART t^ROTfRt^cT sAtY TfcTt^T ^Rt, TOtYr :- 

(i) ROT 

(ii) ART 

(iii) t^TR 
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(iv) FRsRT 

(v) attr s^ffrr 

(vi) Rtto 

(vii) dP<HcH # MjUW 
(viii) rrt-^r frrt 

(ix) RRT-3TT3S FRRT 

(3) FTT^ST ^JT RTR-FptFcR # W RTIfRFT fttftt ^TF^cT ^TT foRRt efi ^ cy^ FTFFmRt 

% 7RTRT #T RlfHR-SR szfft ^ #T Xn=F ^l£ 3ftr FTPFS tfct 

arfi^cH^ur £rt 2RjTP£f$r?r c^Rvi rt 3^+^ui ^ htft # 5 cntnsr hrt ywd ^tti 

o 

(4) FTT^R 3R FRRft fotfr 3R3WRT OT 3TT^ FRTftMt % XJ^FT 

RT RRT-1R #T P-FRpftsJd RTR 3ff§lpRt|l ^ steT3TR 3R 8%R*H 3ftr 3IRF£PR W ^T ^FH XRFT 3^T 

o 

% foTF 4R^ 37T 3rR3Rfr ^JT > 

(1) FTifsTT # cp-j-Lije^ FTHnr^t *r wtm 3r% tt^rt # *r£ ten^st sft 
^P$ iFI | 

(ii) fti^t Mr # tftRfr frst ^ rrti 

FTT^R mcfRT ^?^RR RTRTRf^P SFRrR SR (Fftt3TR#-?R) £HT $RR 3frr FTRR- 
FRRT RF 3RJRR ”Fft3*T^XRRft-2008-01 # anftftPT 3flT HiftWl ftFTTP^r srfT RTR Ft FR^TR 
f^Ffr FT^RTRT % fotTT Ptf^S 3R 'H^idn | zr?' SFRTclR www.cert-in.org.in RF 3'-TR«tT |T| 

(5) FTTfRF FTfstf^SR H^RT % RRT FfoTFSF # RfopR R f^RT RTXT 3^F 3R3R 

^ £ w xjsx # 3Rf^r ^ Pn? frPtr 3YP # 3rrot f^rr rtxti 

o o 

6. §fH^ f^TTFX 3frr M? FRTTtfR ^T XRtJR - (1) FfTfRF # PPr RT Mp^ilPd 
tolRR RT ^rfcT ?t, ’TR'r % FFTF- ^ FTTt ^TTF ^ ^Rt| 

(2) toTRRt RT M^T yP^6lPrT ^3=c3j^Ft ^ flW SRTXjj^t 4R F#tR ^TfF # 
hr fRtt 3ftfrn g|r fh$«h ft ftwtfr f?jtr # aftr ^Rti 

(3) FHf^F f^F^r RT f^TTRR ^ 3RRT^t PRTXT cR f^T FR ^ 

3fcp FROTt RT 3TflFSTR^t FTRT $ f^Ffr FRTRRT ^RRt ^ tcHT 3FRRTcT R^t 

^Vll 1 


(4) FTT^sR ^ yfrRSlf^cT «+Fu^hF ^TTpRft 3^tF FRRFt ^T FTSft ^ STRFfRX 

RTR^X FRRT ^ FTRT FRRHl^r ^RT HIMI 
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(5) EfT^T TFRFT TtRtfREE FT Ft 3 t Tc^«T FTSfT RT TWdRl FTTFcRR 

# 7TTT^3TTT RR FTfF FEE TWT 3T3F?!oT ^Tll^c'i f^Tlft' ^TFT 3T3<$FT TT 3T^<^TcT 

FtJFTT ^RTT^t FEE tT^TT im FIT 

(6) W^R FTfHRFFT TR^ f^TTT MTV-I TRfTTR <tRt R 3=R T,3-U|FT 

FTTn ? TFi ft 3 ^^ R?fr arttr tERR % f^nr f Rrt ftpii 

(7) FTTfRT 3R EF ^ T?T TFff?TFT fRt FfT TREFFrT3Tt Ft FF^ FT £ T3R ot 

3T?c?ET FTTfet Ft #r FTEI-FTT Rfr FF3T FFft FTFT RT FRRT Tf^R? % 

Rtt oT JftR Tl^f^r £l 

(8) FT^FT 3R FF^RFt yFTF$t 3fcR £ R TIT fRT £ T^EFFtT3Tt Ft 3TOTTTH 
Fr£ F Rxr RRFEpFT RfFF 3TTR fRt| 

(9) Fi^r? T^TFT FR^TT 3lk FTRT fRfFT 5FT 3TFTSTF FTCfRr ftR # 

fRT[ 

(10) W$«R JTT^ FT JT^^T tft TF R # 3TRfSt ^ Ru 3ER1RT 

TTt^fTi 

(11) FTfRT $R FTET TrRFFT c£f TjTTFT FT c^WiNl RT 3Rt tRRf FRTT! 


7. FT^FT 3R FT fsE&ST^T : tEIfRfT 3r1ttFFT SRT TtRfFT Ftf 3TRFT?r ^FT RrR ^ 
3TFTTpTHT # fRft 3fr FFR Fr=ER iR RTO73T RrmRt RT 37?F V tRWRt feR FfTR 
FT RReF FFFt % Rtj tfiRFFT £| FT^RF FT TTftfr FTR FF* TT RtraTF fR R 
arftmRr art FRfRr crrtRft, tRfft aftr 3 tfr aRfRr ttrht 3TFTstr ^ffpftn 


[FT. FT. 1 1 (3)/201 


TT FfR TTTR, FTT,TT FlfRT 


y- 5P 
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NOTIFICATION 

New Delhi, the 11th April, 2011 


G.S.R. 315(E).— In exercise of the powers conferred by clause (zg) of sub¬ 
section (2) of section 87 read with sub-section (2) of section 79 of the Information 
Technology Act, 2000 (21 of 2000), the Central Government hereby makes the 
following rules, namely:— 


1. Short title and commencement.— (1) These rules may be called the Information 
Technology (Guidelines for Cyber Cafe) Rules, 2011. 


(2) They shall come into force on the date of their publication in the Official 
Gazette. 

2. Definitions — (1) In these rules, unless the context otherwise requires,-- 

(a) “Act” means the Information Technology Act, 2000 (21 of 2000); 

(b) “Appropriate Government” means the Central Government or the State 
Government or an Union Territory Administration; 

(c) “Cyber Cafe” means cyber cafe as defined in clause (na) of sub-section (1) 
of section 2 of the Act; 

(d) “computer resource” means a computer resource as defined in clause (k) of 
sub-section (1) of section 2 of the Act; 

(e) “Data” means data as defined in clause (o) of sub-section (1) of section 2 of 
the Act; 

(f) “Information” means information as defined in clause (v) of sub-section (1) of 
section 2 of the Act; 

(g) “Intermediary” means an intermediary as defined in clause (w) of sub-section 
(1) of section 2 of the Act; 

(h) “Registration Agency” means an agency designated by the Appropriate 
Government to register cyber cafe for their operation; 

(i) "Log Register" - means a register maintained by the Cyber Cafe for access 
and use of computer resource; 
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(j) “User” means a person who avails or access the computer resource and 
includes other persons jointly participating in availing or accessing the 
computer resource in a cvber cafe. 

(2) All other words and expressions used and not defined in these rules but defined 
in the Act shall have the meanings respectively assigned to them in the Act. 

3. Agency for registration of cyber cafe.— (1) All cyber cafes shall be registered 
with a unique registration number with an agency called as registration agency as 
notified by the Appropriate Government in this regard. The broad terms of 
registration shall include: 

(i) name of establishment; 

(ii) address with contact details including email address; 

(iii) whether individual or partnership or sole properitership or society or 
company; 

(iv) date of incorporation; 

(v) name of owner/partnet/properiter/director; 

(vi) whether registered or not (if yes, copy of registration with Registrar 
of Firms or Registrar of Companies or Societies); and 

(vii) type of service to be provided from cyber cafe 

Registration of cyber cafe may be followed up with a physical visit by an 
officer from the registration agency. 

(2) The details of registration of cyber cafe shall be published on the website 
of the registration agency. 

(3) The Appropriate Government shall make an endeavour to set up on-line 
registration facility to enable cyber cafe to register on-line. 

(4) The detailed process of registration to be mandatorily followed by each 
Registration Agency notified by the Appropriate Government shall be separately 
notified under these rules by the central Government. 

4. Identification of User.— (1) The Cyber Cafe shall not allow any user to use its 
computer resource without the identity of the user being established. The intending 
user may establish his identify by producing a document which shall identify the 
users to the satisfaction of the Cyber Cafe. Such document may include any of the 
following 

(i) Identity card issued by any School or College; or 
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(ii) Photo Credit Card or debit card issued by a Bank or Post Office; or 

(iii) Passport; or 

(iv) Voter Identity Card; or 

(v) Permanent Account Number (PAN) card issued by Income-Tax Authority; 

or 

(vi) Photo Identity Card issued by the employer or any Government Agency; 
or 

(vi) Driving License issued by the Appropriate Government; or 

(vii) Unique Identification (UID) Number issued by the Unique Identification 
Authority of India (UIDAI). 

(2) The Cyber Cafe shall keep a record of the user identification document by 
either storing a photocopy or a scanned copy of the document duly authenticated by 
the user and authorised representative of cyber cafe. Such record shall be securely 
maintained for a period of at least one year. 

(3) In addition to the identity established by an user under sub-rule (1), he may 
be photographed by the Cyber Cafe using a web camera installed on one of the 
computers in the Cyber Cafe for establishing the identity of the user. Such web 
camera photographs, duly authenticated by the user and authorised representative 
of cyber cafe, shall be part of the log register which may be maintained in physical or 
electronic form. 

(4) A minor without photo Identity card shall be accompanied by an adult with 
any of the documents as required under sub-rule (1). 

(5) A person accompanying a user shall be allowed to enter cyber cafe after he 
has established his identity by producing a document listed in sub-rule(l) and record 
of same shall be kept in accordance with sub-rule (2). 

(6) The Cyber cafe shall immediately report to the concerned police, if they 
have reasonable doubt or suspicion regarding any user. 

5. Log Register.— (1) After the identity of the user and any person accompanied 
with him has been established as per sub-rule (1) of rule 4, the Cyber Cafe shall 
record and maintain the required information of each user as well as 
accompanying person, if any, in the log register for a minimum period of one 
year. 

(2) The Cyber Cafe may maintain an online version of the log register. Such 
online version of log register shall be authenticated by using digital or electronic 



28 


THE GAZETTE OF INDIA : EXTRAORDINARY 


[Part II— Sec. 3(i)] 


signature. The log register shall contain at least the following details of the user, 

namely : — 

(i) Name 

(ii) Address 

(iii) Gender 

(iv) Ccntact Number 

(v) Type and detail of identification document 
(vii) Date 

(vii) Computer terminal identification 
(viii) Log in Time 
(ix) Log out Time 

(3) Cyber Cafe shall prepare a monthly report at toe '>og na*Y for showing date- 

wise details on the usage of the computer resource and and soft copy 

of the same to the person or agency as directed by the registrator v by the 5 th 
day of next month. 

(4) The cyber cafe owner shall be responsible for stoor^ < -id maintaining 
backups of following log records for each access or login by any of its computer 
resource for at' ist one year:— 

(i) History of websites accessed using computer resource at cyber cafe; 

(ii) Logs of proxy server installed at cyber cafe. 

Cyber Cafe may refer to “Guidelines for auditing and logging - C!SG-2008-01” 
prepared and updated from time to time by Indian Computer Emergency Response 
Team (CERT-ln) for any assistance related to logs. This document is available at 
www.cert-in.org.in 

(5) Cyber cafe shall ensure that log register is not altered and maintained in a 
secure manner for a period of at least one year. 

6, Management of Physical Layout and computer resource. — (1) Partitions of 
Cubicles built or installed if any, inside the Cyber Cafe, shall not exceed four and half 
feet in height from the floor level. 

(2) The screen of all computers installed other than in Partitions or Cubicles, 
shall face ‘outward’, i.e. they shall face the common open space of the Cyber Cafe. 

(3) Any Cyber Cafe having cubicles or partitions shall not allow minors to use any 
computer resource in cubicles or partitions except when they are accompanied by 
their guardians or parents. 
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(4) All time clocks of the computer systems and servers installed in the Cyber 
Cafe shall be synchronised with the Indian Standard Time. 

(5) All the computers in the cyber cafe may be equipped with the commercially 
available safety or filtering software so as to the avoid as far as possible, access to 
the websites relating to pornography including child pornography or obscene 
information.. 

(6) Cyber Cafe shall take sufficient precautions to ensure that their computer 
resource are not utilised for any illegal activity. 

(7) Cyber Cafe shall display a board, clearly visible to the users, prohibiting them 
from viewing pornographic sites as well as copying or downloading information which 
is prohibited under the law. 

(8) Cyber Cafe shall incorporate reasonable preventive measures to disallow the 
user from tampering with the computer system settings. 

(9) Cyber cafe shall maintain the user identity information and the log register in s 
secure manner. 

(10) Cyber cafe shall also maintain a record of its stafr for a period of one year 

(11) Cyber cafe shall not misuse or alter the information in the log register. 

7 . Inspection of Cyber Cafe : (1) An officer autnorised by the registration agency, is 
authorised to check or inspect cyber cafe and the computer resource oi network 
established therein at any time for the compliance of these rules. The cyber cafe 
owner shall provide every related document, registers and any necessary 
information to the inspecting officer on demand. 


[F. No. 11(3)/2011 -CLFE] 
N. RAVI SHANKER, Jt. Secy. 
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^ feti, 11 srtcJ, 2011 


3 i 6 ( 3 T).— fttor, fttot arl^m, 2000 (2000 21) 

mi 6^ £r 3TOTCT (2) % FFT*T yfeH tfRT 87 3TOKT (2) TO {TO) HTTT TOtT TlRTOt eft 
^RrT RTto ft, ar^for :- 


1. Tff^K TOT afk TO3T- (1) f^TOft FtfttFT TOT FjTOTr ($ct^£Tt?p£r #TT 

qftTOT) f^TOT, 2011 ft I 

(2) *t TOTTO £ TORTR # cTTte Ft S^cT ffat I 


2. yftSTTW - Rro# TO TO FT^t Ft 3fTOtJT aptfifcr R jft,- 

(^) "a^P^" ft fttot ^NfrRr^r 2000 (2000 ^ a1> 3ijt£r 

(F3 - ) ' FTOPcT FRyTT" Ft FTF*TtTT RT FTorR FT ifTTT RT c|t^ FTt| FR^Str 

(3T) "yif^R arftTOfr Ft ftTO^ft ftor 3R tett Ftcr ^rorr er T.ti atfiTfoat 
3Tfl^n ft faTFT^ TRfstcT ^t^Tt^T FTTO-t ^zfoqT 3T TOilTO aft $ f>^t fcT 

Rrort # ytoi aw tow toP grr ^ anlw Trstorat ^rt 

TOTOT FTFTTtRt RT %fft FTTOT R% <£t Fl^RTnT Ft TO TOW TO°t ^ Ptt 3^7][H 

^ o o 

RTOt TOR ft; 

(et) "totito to £ =tff atfETPrzm, t^mro r f^Pror to ttTORito ftott ^ ar^r 
Ft ft^itt tofTO yiftjTOfr gm M toFto tor ^ toPft # yR^jp, arProF to stRto 

<n c a, 

-ft ftoP toP #r Pro pro aiP toft torto to arPpr <t PffP stto^ft 
to £ ffPr aftr ffffRtcT yrfTOrft stft TOJiPPf^ M toto 3 "ittroar 
tottto to aft ft; 

(5) "yroro yrtertt' Ft arRit^m # ?rft 2 ttotrt (i) #7 (o:j # 
TOyfwf^cT toto yrfertt 3trMa t\ 

(r) "FTOT ^frP' ^ arMTO # p OTFT 2 # 3TOFT (1) % TO (TO) # 
TOqRTOf^rT FTTOT 3 tHT^cT 


life i 
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(tj) "i&jz r fftof " £ 3tPPff *£r strt 2 *£r 3 t t?trt (i) % tf? {£) *r 

FTOTftFT%T F>c^ FFRFT 3fH^RT 

c\ 

(f) "fc^rt^r ff^ f^ff?’ £ arftipFF # trnr 2 aqmr (1) % tfs 
(sft) # FrortaiftF ft^f arfitoF £; 

(fr) "f^FsrPfr tm wftei-H " $ w# afrr anfert ^r toPT 2tif^c=r ffft, 
ftFft art, y^TFT q?, aratt ft 3 w*teT F?r ffft 3 ftr Pff 3 ^ 

O <\ 3 

anfr^r f%Pfe qf^rr ft 3fw ffcT grr ^f£iP«£i toff stf ?tf #r sip ft 
f^tf arH^lcr 

Q>r) Rarenr £ 3 *PPff <$r strt 2 # tojrt (1) ^ ws 

(TO) # FFTFftFTftcT $dW<TP<Sl fFTOfT 

(e:) " $<}f<iP£i ^fftstt y-Hium^’ £ arftrf^rzrFr #r ftf 2 tojtf (i) 

% ^ (to) # FFmftFrf*iF ^F£iP<£i ^mr wm arfltfrcr t, 

(s) " $etF£iP<£r ff £ ^te£TP£r arflr£# ff tw " if - 

pOTt #T 3TFFFF # ?3FSTp£T FF # ^FTOTftcT, FSTpT A TOT ofT F3fr 

arf^ d W) ff f arfsT&F 

(5) "^FT TOFT' £ 3TPPFF FTF 6F7 <£t 3FUTF (1) % FF^FTFF # 

Pfe £ft TOFT 3TMf $■; 

(5) ’’^FFTSR FF^3 FTFT MlPcbifl" £ 3 tPPfF, Piff), PPWflt FT 

FFTO FF FT?T Fip % Pi FFPci FTFFT & 3TT&T #T 3Rjp F3TFT F^ ?FFT8fR F?P 
ftft yiP^i^i arfSPr & 

1 ^l«*£lfa«ft qfcjT qftSR TOT<fr- 

* 1} FFPf FTFFT FFF FT 3fM<A f^Ffr MiP^ci aTpFF^F FT^FF ^ ^<>l^ciP4il FF ^ 
FF^ iRter % FT f^Fft 3TFF ^fFT M^ciM FF % TOFF ^ Ffo ^tFT TOF FF 

Fq^t t\ 

(2) FFPF FTW FT 3F^ fPfF^T ^FT hRc;m FTT yFF 3fF tlfrT ftPfe 

FF F#Rt| 

(3) FFPF FTFTTT a frq vflF HT # 3T^TT FT^ F^RftH $^lP^T 3ff^W ^T 3F^T 
$p | <*-£ i P4? i ^r tT ^ftott FF^t ^ ?tFF ff^t ftp f^?r ff f#fTti 

(4) ffPci ftfft ^f^tP^T ^tft qfeiF Prr qiP^cr ^ft TOHrart attr 3F^ 
arfiTFF^afr Ft 3 tPfPh fMi 

(5) FFPrT FTFTR fplF^rP^T ^fFT mRc;m y u HHl F>t SRftFFT FF^T f^T FF F^TFt ^T 
qTFTt F>t trft FTFFT # f^T F^cTT 3^T ^FTFT F%FT #T aiFTOTF ^ f^FT TO TOTFt 
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TTRcfr qR %\ 

O 

(6) $RT R?TRT3# 3frr 3R% 3Ttl^t3fr 3R cRf% £ off TtRT qq 

3rrYr q^rr t? qt<R ^HcH«y qR%r % y^iloioH % f^i^ qrRftRr ek^n sttt RRifctfo-i'i^s 0^ 

qRRf qq RR^T qR^T % IoTCT, TR^T % f^TR 3fa Willed TR^T % f^HT ytftr^T qR ?M| 

RTR Rf % 3qiRtf%R ^RT RREft qrt FfaT qq qR^T qTc* cRf% %t # 3TTRt qR?T 

qTR^r qq tret qR £ f%RT rtcrit! 

(7) UJHftld TRTqr 3Tf^lEh4RI £RT ^RT 3ft* 3R% RTft}qqT 3ftS3qqft3ft itrt qsqftH 

aftq wd^cT f%3 RTft qM %r aR qft 3Tlt)*jMdi srt qsfrfri 

(8) ddRlci RRTR ftRT q3THT3# 3ftq 353% RTI^RkT 3ftS}qqft3ft £RT ^RF TcR % HTRqft qft 

§ft qR qftRfn 

4. ?c^T^r%r %rt qtoR %T 3ft?RTRRr- 

{1} 'dd'kJrl 7RTTT 3R ^RT3ft %t 3Tlt)*TptH qR R%ftt 3lt qrRR-RRR qq FT # 

qftqq %r RRft fti 

(2) -ddT^d qRqqq qRTR-*TRR qq 3 ir qii^" 1 1 f^Rt, H'ddci, q^Hiumqj, RqrftRt, -dqiq qiRcft 
3MJft<w1 % ^Prr qftf % rrr 4 3R%r q^fcTR 3tf?}cHftdi %T qRRftR qtmrart # tRdiaR 
qRft cjir«) qrf&qqftRt %T qrftf %T m$*jw 3 ft* 3ft 3ff?Rr1qRT qR qr%ftti 

<S fs 

(3) afttRRMi q<HiumT %r qqftft, RRf%v *r*qqq srt rrt 33Rfttf^R ^rtrr qrft Rift 
qTteqftftt % rtr, qifenter % qHi% -^r %r 3r%?3 3 %t 3R%r 3^‘cHiRdi %r tIRt %t 

qR%ti 

(4) xHRf^Vi FRqqq TRT^-TTRT RT ^TcITSTT qR^T q%T qiftef^ft %t ?T%' 4 ^TcTTSTT TR^T 

qrltTcFTfr %r ^rr rtR" qy^RnMr %r 3%r qq f%mq qR^ gtr 

qRRM q^r 3Tftr?rRrrr qR qi^i 

r\ 

5 . ^ fqqTTarftR fc^rWr 3rf^sf|- % qra^ qq qrqqqfr ^rt 

TpRT- 

(1) qr&ft qrl^rqqfr ort mch rtrit ^ 33RntfT, qqf^R:, qRinqR, rt 

3 wUd ^ qR^- f Rtn^Rf^r qq ^ gRRrarRqr M' 3Mdf^Rl, M^el qRRiqqt, 

qdlT^qt RT 31d<H'!d<Hl % cRf^RT 3TflRR% qi R -id % RRR qfr 3l^H qRrt 33 3Rqq qqi 
3TTR RT^R RR3 ^RR q%% 33f§^^73TRR qRRRt 3frf 3qiqq 3TRqSTR q%^TI 

(2) >h<h Rl cT qrqqqq 3qf^RR (1) ft Pffe qq - 3dcR§rftrr rr^ %rr qR% 

y f^ gif ^ T qq^r, 3 Tfi^elqyi^i k ^ri^ 3ftq 3qrqr 33^533 qR^r %T ^tfrr i^Pil^sr qR 1 

( 3) qrftJcEFft qR 3^ m 3TRR1M, 37^, ^fW RT RRR^Rt % 

3j J f|^g- TR zrr RRR qq 3T%RJ % ?TRTaR qR R#qt 3ttq 3Rqq 33TR rt^r 


‘I*-1 


>■ lUlWft 


>1 • 1MI»Mi*4l«|ill IM l. 
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^rtrtr #7 f^r 3?r^i'4V ^h*Ti 

(4) ^«nRlrt RT4>H ^cteyiP<£l 5reT, TTRRT, 3TT^T, feOldcH £ g T dfflftd 

3ftr 3 ?t#) w?r: Prto # tort ykfrftt^r anf^rat % f^rr?- to$tt vifaz rr PQf%g j?r 
TT# 73tt 3^1 RISTT 9 %RT qTT 3 l<HHlcH<H f^STRTTtREIT 3frf ^BTSTT q7*P qr<4 yrffrqilftRt £Rr foTRT 
digjnt 

3MPd<H (1) Pt^ET TOTT yf^TRT # R^TTtosSY qTfqTRf #7 Sf^RUf 3fa 3RRSTW 
o o o 

# 33^13#, 51IJsji< 1 qr wm? 313'dcfte RTT^T qR P«rtRT 3 ft? qJTfUM y | f£ ) 4i | ft4 i ^T 3T^STT3# 
RTT didMldd qRRT ’§fr £l 

6. ??^?rPqF tfr ^ctajrf^r dft^rgT % # qf^fcr y^rr 

(1) toI^h tot rt t^w # rt f^TT^r qroR £ 3rrtor 3 t1Pwt fter qr 

^efqRTfo-Tq7 RR T^ RTRTSTf^TT ipdqc^lPcPl 47 TTR^T 3^" q c^f-jR q7Te4" 47 <?>H u i) dd 

3f1Pfotf-Qd RR<4 ^7 TOfPcT qftRcfcr qR TT#Rfr RT RR^T RTT 3TT^f RR TT#Rft| 

(2) iP+ rr £ Ffawfta $dq£iP£l arf^Tc^st 47 f47rfr to^t #7 f^t arffT^rg- # f47Ri 

TOT q4f qftddd 3ttr ^ TOR f^fr •HftTpto qTT qtfcf RT offa* 3TT 3RfrK RRT Ref TpRT 47 
TOR 3tk ididTUll 47 TOTR # RtRT #7 RRT tRTT qf^pd RTT^ #7 PfR ^TR R d q - R T P q7 
TR £ RRmftcT f47RT dITOIl 

(3) toPh TRR7TT fcdqRTpqT TR £ RRTWftTT $c4q-£lP4d 3ff£p^TRf #7 TOR £ fatft 
3f%cfe qTT RtR RTT^T # RTOT q4 Rf4q^Tpq7 TO ^T ^RTTW qTT^T # frf?f qTt f^%?T qR R#77fn 

(4) d<HPd TRqTR f^Ptdd TR £ fRTOte 3fflTTW #7 TO * RTf^TcT ^T ffl^t #7 

3qgtr q^r 9fT f^pu^d qR R^ttl 

(5) RRPrT TRqTR FSPlCol TR ^ TOcTTSTf^rT ^<Aq^iPq> 3rf^lT^T3t ^7 TTTO" 3fRT5T u T dRo-l 

#7 PR y^j- ^r om RteT # 3f^r§TT3ft qTt §fr PPU^d qR ?Ml 

7. ^t qrorr aftr yit^q>d afUTOt qrr fMR qqtjR 3ttr ^riqrR qrr <iPr4 

RRprT TRRTR yr^q> ^RT RTOTT 3^ MlP^d 3fflTq7cfr qTt R^t RcRq^Rt, MldPdl, 

o L 

d l ixJTl qq 3RTOT 3frr R£cT c^T4T T^f #7 lofR d?R MUdrf fdq^lP=Pr ^RT #7 RRR ^ RcRqfRt 
3ltr TfcTRf # qiqp«ql ^7 d<4 q>T 3fd-(Si u f qTfod ^7 Pr qRR PPf^g rttP ^7 Pk 1 Pc^?t ^ 
tfMt 3 fn 3 rF 7 afUTcT# qTt Pfrawr 3 ^ #rt qfrarr % 1 cTr rrPr tttrtr ot dTRPfe f^fr 

3ff?TOTO RT qRl^rr #7 TOST RFdR f^TRf RTRRTI 

8. to y<iidr afrr yiP^d 3ft?rqicft3ft # tjrrt wn# 3ttr wtft ^tst Rfrw 

(!) RRfcTR TTRqTR RRR T^RT q^JHT dftl RrfteR 3ftlfq7dt3fr #7 <*{4**4Id! ^T ^ 3fTRTo4 
qr, rT qR iPd '^, <Hi<Hpf^g eRgT qfrsrr 37f^q7TOt giTT cdr^T qfrsrT qq ttrttot q>i^d 
qT^ttl 
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(2) Aw toSIT £ , totodT to #T toddi to $to£ l P<£ l to A 

tor to^to ^ awytoi w to Pwi^d to to sgiar to witter tortoafr gw 

TJsT W7 tot # STtgdT tor qgc4 ton 

(3) 3TTftr 3ffeWi ; gRT f^T WT M?tl W TMMIdd tot % f^PT 3ftT toT toSTT 

toTtot gRT ffto |ftot ^ 3Wt % fto tor toSTT 3TfiT^Rxrft gRT faPlto 

% aftdr to wtht to to^d arfltor ddto stRtto gw d w pf^g tor 
toto arftoto <£r w to ^wdi 3trtoi gmtoi 

(4) tot to wgrcfT to Litton atotor y?to toto agwr to -hi to* #r to 4t 

trsw 4t fto to tow sthf tor to toto w toto w*k # A ftor f* 

>3 O 

f^tocT dp<nP #r tor *t 3ntot^d y^Rdd to toygiHT ^t ator tor to to sgR 

4to £ to tor to to RTtof at atoftow *£r rw 45 4r stou to[ ftoh 

9. toggiftoT to togw it fto*r tow wtot w 3Mtoi - dtora toi 
to tocjw % 3TRT ^ ^ at toTT, 3TTtoT, 3Wto,toto, Wl WT, SHJIdld 

^t mtor cWr to aro gwntot % fto Trrarr aFrtoar uTT A to ywr Tt tote 

-3 o 

tow wtor ttoto *i toto 


[w. A. u ( 3 )/2011 wlwto 
toa toi, wrc tora 


NOTIFICATION 

New Delhi, the 11th April, 2011 

G.S.R. 316 (E).— In exercise of the powers conferred by clause (ca) of sub-section (2) 
of section 87, read with sub-section (2) of section 6A of the Information Technology 
Act, 2000 (21 of 2000), the Central Government hereby makes the following rules, 
namely:- 

1. Short title and commencement.- (1) These rules may be called the Information 
Technology (Electronic Service Delivery) Rules, 2011. 

(2) They shall come into force on the date of their publication in the Official 

Gazette. 

2. Definitions.- In these rules, unless the context otherwise requires,- 

(a) "Act" means the Information Technology Act, 2000 (21 of 2000); 
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(b) “appropriate Government” means the Central Government or the State 

Government or an Union Territory Administration; i 

(c) “authorised agent" means an agent of the appropriate Government or 
service provider and includes an operator of an electronically enabled kiosk 
who is permitted under these rules to deliver public services to the users 
with the help of a computer resource or any communication device, by 
following the procedure specified in the rules; 

(d) ’’certificate" means a certificate required to be issued by a statutory 
authority empowered under any Act, rule, regulation or Order of the 
appropriate Government to issue a certificate to confirm the status, right or 
responsibility of a person, either natural or artificial, and includes a 
certificate in electronic form printed and delivered in such form as may be 
specified by the appropriate authority; 

(e) “Certifying Authority” means certifying authority as defined in clause (g) 
of sub-section (1) of section 2 of the Act; 

(f) "communication device" means the communication device as defined in 
clause (ha) of sub-section (1) of section 2 of the Act; 

(g) “computer resource” means the computer resource as defined in clause 
(k) of sub-section (1) of section 2 of the Act; 

(h) "Electronically enabled kiosk” means the cyber cafe as defined in clause 
(na) of sub-section (1) of section 2 of the Act; 

(i) "Electronic Service Delivery" means the delivery of public services in the 
form of filing receipt of forms and applications, issue or grant of any license, 
permit, certificate, sanction or approval and the receipt or payment of 
money by electronic means by following the procedure specified under rule 
3; 


0 "electronic signature" means the electronic signature as defined in clause 
(ta) of sub-section (1) of section 2 of the Act; 

(k) "Electronic Signature Certificate" means the electronic signature 
certificate as defined in clause (tb) of sub-section (1) of section 2 of the Act; 
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(l) "Repository of Electronically Signed Electronic Records" means a 
collection of all electronically signed electronic records, stored and 
managed in accordance with these rules; 

(m) "service provider" means a service provider as referred to in Explanation 
to sub-section (1) of section 6A of the Act; 

(n) “signing authority " means an authority empowered jnda any Act, rules, 
regulations or Order of the appropriate Government to issue a certificate. 

3. System of Electronic Service Delivery.- 

(1) The appropriate Government may on its own or through an agency 
authorised by it, deliver public services through tonic ally enabled 
kiosks or any other electronic service delivery mechamsn 

(2) The appropriate Government or its agencies may spectf’r t $ form and the 
manner of Electronic Service Delivery. 

(3) The appropriate Government may determine the rnar.i’>e r of encrypting 
sensitive electronic records requiring confidentiality, while they are 
electronically signed. 

(4) The appropriate Government shall notify the service providers and their 

agents authorised for Electronic Service Delivery. 

(5) The appropriate Government may allow receipt of payments made by 
adopting the Electronic Service Delivery System to be a deemed receipt of 
payment effected in compliance with the financial code and treasury code 
of such Government. 

(6) The appropriate Government may authorise service providers or their 
authorised agents to collect, retain and appropriate such service charges as 
may be specified by the appropriate Government for the purpose of 
providing such services from the person availing such services; 

Provided that the apportioned service charges shall be clearly indicated 
on the receipt to be given to the person availing the services. 

(7) The appropriate Government shall by notification specify the scale of 
service charges which may be charged and collected by the service 
providers and their authorised agents for various kinds of services. 

(8) The appropriate Government may also determine the norms on service 
levels to be complied with by the Service Provider and the authorised 
agents. 
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4. Notification of Electronic Service Delivery.- 

(1) The appropriate Government may notify the services that shall be delivered 
electronically from time to time. 

(2) The appropriate Government may identify and notify, from time to time, the 
list or signing authorities in respect of different classes of licenses, permits, 
certificates, sanctions, payment receipt approvals and local limits of their 
respective jurisdictions. 

(3) The notification shall specify "the nature of certificate, the names of the 
signing authorities, as approved by the appropriate Government, the period 
of effectiveness of the authority and the extent of their jurisdiction. 

(4) The appropriate Government may notify changes to the list of signing 
authorities from time to time, taking into consideration the terms and 
conditions of the services of employees holding positions of signing 
authorities. 

5. Creation of repository of electronically signed electronic records by 
Government Authorities.- 

(1) All authorities that issue any license, permit, certificate, sanction or approval 
electronically, shall create, archive and maintain a repository of 
electronically signed electronic records of such licenses, permits, 
certificates, sanctions or approvals, as the case may be, online with due 
timestamps of creation of these individual electronic records. 

(2) The appropriate Government may specify the manner of creating, 
establishing, archiving and maintaining the repository of electronically 
signed electronic records referred to in sub-rule (1). 

(3) The authorities may electronically sign the electronic records of such 
licenses, permits, certificates, sanctions or approvals for each record or as a 
whole for a specific duration and shall be responsible in administering them 
online. 

(4) The appropriate Government may specify the security procedures in respect 
of the electronic data, information, applications, repository of digitally signed 
electronic records and information technology assets under their respective 
control and that security procedures shall be followed by the Head of the 
Department and the signing authorities. 

Explanation.- The expression “security procedures” referred to in sub-rule 
(4) shall include requirements for the storage and management of 
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cryptographic keys, restrictions for downloading the certificates on to 
browsers, and of complying with the requirements of certifying authorities. 

6 . Procedure for making changes in a repository of electronically signed 
electronic records.- 

(1) The appropriate Government may either suo moto or after receiving an 
application from an interested party, make or order to make an appropriate 
change in a repository of electronically signed electronic records along with 
recording the reasons for making such a change. 

(2) Any change effected to any record in a repository of electronically signed 
electronic records and any addition or deletion of a record from such 
repository shall be electronically signed by the person who is authorised to 
make such changes along with the time stamps of original creation and 
modification times. 

(3) The appropriate Government may determine the manner of electronically 
signing the event of deletion of a record from the repository of electronically 
signed electronic records. 

(4) The appropriate Government may also determine the manner of 
provisioning secure access to the repository of digitally signed electronic 
records. 

(5) The appropriate Government may also determine the requirements for 
maintaining audit trails of all changes made to repository of digitally signed 
electronic records. 

7. Responsibility of service provider and authorised agents for financial 
management and accounting.- The appropriate Government may direct every 
service provider and authorised agent to keep an updated and accurate account of 

the transactions, receipts, vouchers and specify the formats for maintaining 
accounts of transactions and receipt of payment in respect of the electronic 
services delivered and the said records shall be produced for inspection and audit 
before an agency or person nominated by the appropriate Government. 

8 . Audit of the Information System and Accounts of service provider and 
authorised agents.- 

(1) The appropriate Government may cause an audit to be conducted of the 
affairs of the service providers and authorised agents in the State at such 
intervals as deemed necessary by nominating such audit agencies. 


[<tpf n —WTZ 3(i)] 


^TRfT <MM^( : 3T^fTW r l 


39 


(2) The audit may cover aspects such as the security, confidentiality and the 
privacy of information, the functionality and performance of any software 
application used in the electronic service delivery and the accuracy of 
accounts kept by the service providers and authorised agents. 

(3) The service providers and the authorised agents shall provide such 
information and assistance to the audit agencies nominated by the 
appropriate authority, to comply with the directions given by the audit 
agencies and to rectify the defects and deficiencies pointed out by the audit 
agencies within the time limit specified by the audit agency. 

(4) All service providers and the authorised agents shall submit a due 
declaration for protecting the data of every individual transaction and citizen 
and any unauthorised disclosure to anyone without the written consent of 
either the individual or the appropriate Government shall be debarred from 
providing such a service any further and the provisions of section 45 of the 
Act shall be applicable in such cases. 

9. Use of special stationery in electronic service delivery.- The appropriate 
Government may specify different types of special stationery, with accompanying 
security features for forms, applications, licenses, permits, certificates, receipts of 
payment and such other documents as part of Electronic Service Delivery. 

[F. No. 11(3)/2011-CLFE] 
SHANKAR AGGARWAL, Addl. Secy. 
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